Digital rights management using geographic and temporal traits

ABSTRACT

Digital rights management using geographic and temporal traits is described. In one or more implementations, a digital medium environment is configured to control access to at least on item of content by digital rights management functionality embedded as part of the content. Data is collected describing geographical traits of a location or temporal traits associated with a request received from the user to access the content. A determination is made from the data using a digital rights management module embedded as part of the content as to whether the geographical or temporal traits meet specified traits of a geographical behavior of a digital rights management policy enforced by the digital rights management module for the at least one item of the content. Responsive to a determination that the specified traits are met, access is permitted to the least one item of the content by the embedded digital rights management module.

This Application claim priority as a continuation of U.S. patentapplication Ser. No. 14/975,442, filed Dec. 18, 2015, and titled“Digital Rights Management using Geographic and Temporal Traits,” theentire disclosure of which is hereby incorporated by reference.

BACKGROUND

Digital rights management is used to control use of content, e.g., toalter, consume, or distribute content. Current digital rights managementtechniques are based on qualities that are unique to a particular user.For example, a purchaser of an application from a conventionalapplication store, a song from an online music store, and so on may begiven access to the content via a user name and password of an accountassociated with the user for a corresponding service. Other conventionalexamples include persistent online authentication, unique contentidentifiers (e.g., CD keys), digital watermarks, and encryption keysassociated with a particular user or user's device.

Each of these conventional techniques, however, is rigid and lacks anability to address changes in how the content is to be consumed and thislimit usability of the content. Accordingly, this “all-or-nothing”approach to content access may be frustrating to consumers of thecontent and thus limit desired distribution of the content.

SUMMARY

Digital rights management using geographic and temporal traits isdescribed. In one or more implementations, a digital medium environmentis configured to control access to at least on item of content bydigital rights management functionality embedded as part of the content.Data is collected describing geographical traits of a location ortemporal traits associated with a request received from the user toaccess the content. A determination is made from the data using adigital rights management module embedded as part of the content as towhether the geographical or temporal traits meet specified traits of ageographical behavior of a digital rights management policy enforced bythe digital rights management module for the at least one item of thecontent. Responsive to a determination that the specified traits aremet, access is permitted to the least one item of the content by theembedded digital rights management module.

This Summary introduces a selection of concepts in a simplified formthat are further described below in the Detailed Description. As such,this Summary is not intended to identify essential features of theclaimed subject matter, nor is it intended to be used as an aid indetermining the scope of the claimed subject matter.

BRIEF DESCRIPTION OF THE DRAWINGS

The detailed description is described with reference to the accompanyingfigures. In the figures, the left-most digit(s) of a reference numberidentifies the figure in which the reference number first appears. Theuse of the same reference numbers in different instances in thedescription and the figures may indicate similar or identical items.Entities represented in the figures may be indicative of one or moreentities and thus reference may be made interchangeably to single orplural forms of the entities in the discussion.

FIG. 1 is an illustration of an environment in an example implementationthat is operable to employ digital rights management (DRM) andbehavioral trait techniques described herein.

FIG. 2 depicts a system in an example implementation of creation of aDRM policy and subsequent content to be consumed by users included in abehavior.

FIG. 3 depicts a system in an example implementation in which a digitalrights management module is configured to control content access basedon geographic traits of a behavior.

FIG. 4 depicts a system in an example implementation in which a clientdevice of FIG. 1 is used to access content and obtain a determination ofa likely position associated with the access.

FIG. 5 depicts an example implementation in which a DRM module isconfigured to control access to items of the content based on acalculation of a likelihood of access to the content being compromisedby a third party.

FIG. 6 depicts an example implementation in which a DRM module isconfigured to control access to items of the content based on temporaltraits of a behavior.

FIG. 7 is a flow diagram depicting a procedure in an exampleimplementation in which geographic traits of a behavior are used tocontrol access to content by a digital rights management module that isembedded as part of the content.

FIG. 8 is a flow diagram depicting a procedure in an exampleimplementation in which temporal traits of a behavior are used tocontrol access to content by a digital rights management module that isembedded as part of the content.

FIG. 9 illustrates an example system including various components of anexample device that can be implemented as any type of computing deviceas described and/or utilize with reference to FIGS. 1-8 to implementembodiments of the techniques described herein.

DETAILED DESCRIPTION

Overview

Conventional digital rights management techniques are rigid andinflexible and thus not able to take into account potentially changingtraits of a behavior of a user that is to consume content. For example,conventional techniques typically rely on credentials that areparticular to a user such that the credentials uniquely identify thatuser from each other user. Verification of these credentials is thenused to grant access to the content in its entirety in theseconventional techniques. This is because conventional credentials do notdescribe content consumption characteristics of the user. A user nameand password, for instance, may be used to control access to contentobtained from an online music store, application store, and so on.Accordingly, the user name and password do not describe behaviors of apopulation, such as a way in which the population acts or conductsitself toward content. As such, although these conventional techniquesmay relate to the particular user, these techniques do not addresstraits of a population behavior that may include the user and thus arenot capable of addressing changing traits of the behaviors of the users.

Digital rights management techniques are described that address traitsof a behavior of a user population that is to consume the content. Inone or more implementations, traits of a behavior are specified that areincorporated as part of a digital rights management policy for content.Analytics data, for instance, may be collected that describes a userpopulation as a whole. A creator of a DRM policy may then select traitsof behaviors for a target population as a subset of this user populationto control content consumption by the subset of the user population. Asdescribed above, behaviors describe a way in which a user populationacts or conducts itself toward content that is relevant to thepopulation as a whole but is not particular to any specific user of thatpopulation.

In this way, access to all or portions (i.e., items) of the content maybe controlled by a digital rights management module based oncontemplated behaviors of consumers of the content, which is embedded aspart of the content. For example, a marketer may wish to include animage as part of a marketing campaign for a population segment. Themarketer may then specify traits of behaviors of the specific targetpopulation (e.g., content consumption characteristics related to age,gender, geographic location included as part of analytics data) to beimplemented as part of a digital rights management policy as well ascharacteristics of content that is to be created.

The characteristics of the content as specified by the marketer are thenused by a creative professional to create the content, which is thenembedded with a digital rights management module that is configured toimplement the digital rights management policy. Thus, in this example aworkflow may be supported in which a target population and correspondingpolicy is first specified through interaction with analytics data andthen used as a basis to create content for deployment.

Once deployed, the digital rights management (DRM) module may implementthe digital rights management policy to dynamically address traits andchanges to the traits of a behavior of users that consume the content.The DRM module, for instance, is configured to control access todifferent portions of the content based on which traits are met by auser requesting this access. Further, the access may be conditional,such as to permit access to one portion of content if a trait is met(e.g., age 18-35) but a different portion of content if the trait is notmet, e.g., that is age appropriate. In this way, the marketers mayspecify how content is to be consumed and address potentially changingtastes and desires of users dynamically as the user's traits changewithout changing the content itself. Accordingly, a single item ofcontent may dynamically change to address changing behaviors of usersthat are to consume the content which was not possible in conventionaltechniques, which thus required updates and changes to the content whichwould then be populated back to the users.

For example, geographic traits may be used to control access to items ofthe content. This may be used to limit access to the content at work,for instance, and not permit this access at a user's home. Further, thegeographic traits may leverage analytics to control access. The embeddedDRM module, for instance, may implement a DRM policy to control accessto reduce a likelihood that unauthorized access to the content isobtained based on where this access is to occur. This may be performedusing a list of pre-calculated locations, e.g., to restrict access at acoffee shop or airport but permit access at a hotel.

This may also be performed dynamically by parsing text that describesthe location. An address associated with a location, for instance, maybe used as a lookup to obtain text (e.g., via a location lookup serviceor search engine) that describes the location, e.g., a name of abusiness, reviews of the business, and so on. This text may thusidentify a likelihood of someone else viewing the content, e.g., torestrict access at a coffee shop or airport but permit access at a hotelas described above. In this way, the DRM module may dynamically addresshow the content is likely to be consumed based on geographical traits,further discussion of which is described in relation to FIGS. 3-5 in thefollowing.

Temporal traits may also be used in a similar manner, such as to limitaccess to particular portions of the content to particular times. Forexample, the DRM module may be configured to redact items of item lateat night but permit access to these items during business hours.Further, this access may also be combined with other traits of behaviorsas described above, such as to combine with geographic traits such thatthis access is controlled based on time and location. Further discussionof these examples is included in relation to FIGS. 6 and 8 in thefollowing.

In the description herein, content refers to a variety of differenttypes of content, such as images, video, sound, and so on. Accordingly,characteristics of content to be created may describe a variety ofvisual and/or audio characteristics, such as objects to be included inan image, general look and feel of the image, types of sounds to beincluded in sound, locations for capture of video, and so forth. Digitalrights management refers to access control techniques that are usable tocontrol access to the content as a whole or particular portions of thecontent through use of a digital rights management policy, which in thefollowing may be based on traits of a behavior. Traits of behaviorsdescribe a way in which a user population acts or conducts itself towardcontent that is relevant to the population as a whole but is notparticular to any specific user of that population, such as age group,gender, geographic location, profile, business status, group membership,device characteristics. Thus, traits met by a particular user areleveraged by the digital rights management policy to control access tocontent as a whole or particular portions of the content as furtherdescribed below.

An example environment is first described that may employ the DRMtechniques described herein. Example procedures are then described whichmay be performed in the example environment as well as otherenvironments. Consequently, performance of the example procedures is notlimited to the example environment and the example environment is notlimited to performance of the example procedures.

Example Environment

FIG. 1 is an illustration of an environment 100 in an exampleimplementation that is operable to employ digital rights management andbehavioral trait techniques described herein. The illustratedenvironment 100 includes a client device 102, a content creation service104, a marketing service 106, and an analytics service 108 that arecommunicatively coupled, one to another, via a network 110. Each ofthese entities may be configured in a variety of ways using one or morecomputing devices.

A computing device, for instance, may be configured as a desktopcomputer, a laptop computer, a mobile device (e.g., assuming a handheldconfiguration such as a tablet or mobile phone as illustrated), and soforth to implement the client device 102. Thus, the computing device mayrange from full resource devices with substantial memory and processorresources (e.g., personal computers, game consoles) to a low-resourcedevice with limited memory and/or processing resources (e.g., mobiledevices). Additionally, a computing device may be representative of aplurality of different devices, such as multiple servers utilized by abusiness to perform operations “over the cloud” to implement the contentcreation service 104, the marketing service 106, and the analyticsservice 108 as further described in relation to FIG. 9.

The marketing service 106 is illustrated as including a marketingmanager module 112. The marketing manager module 112 is representativeof functionality to support user interaction to create a marketingcampaign, track deployment of the marketing campaign, and so forth. Auser, for instance, may interact with the marketing manager module 112to specify a marketing campaign, items of content to be included in thecampaign, and one or more behaviors of the campaign. The user may alsointeract with a DRM creation module 114 that is representative offunctionality to specify traits of behaviors to form a DRM policy 116 tobe utilized to manage access to content 118. The campaign, for instance,may be configured to control output of different images as a backgroundbased on age of users that access the content.

The marketing manager module 112 may employ analytics to generateanalytics data (i.e., “big data”) that describes a user population, suchas traits of behaviors as described above. Through interaction with themarketing manager module 112, a user may then select traits of behaviorsof a target population from this data that are to be met by users toconsume corresponding portions of content 118. For example, themarketing manager module 112 may output a user interface via which auser may select traits of behaviors for a desired target population(e.g., age, gender, job title), such as by selecting a check box,keyword input, and so forth. In this way, the user is provided withdetailed knowledge of traits of behaviors of a target population andfrom this knowledge select traits of behaviors to be met to consumeparticular potions of the content 118, rather than guessing which traitscould be met by a target population as performed in conventionaltechniques which may be prone to error and inefficient.

Data describing the content 118 to be created and the traits specifiedabove as part of creation of the DRM policy 116 through interaction withthe DRM creation module 114 is then provided to a content creationservice 104 in this example. The content creation service 104 includes acontent creation module 120 that is representative of functionality tocreate content 118, which is illustrated as stored in storage 122. Avariety of content 118 may be created, such as webpages, advertisements,media including video and/or audio content, and so forth.

Continuing with the previous example, a user interacts with the contentcreation module 120 to create content 118 having characteristics asspecified by the marketing service 106. As part of this creation, a DRMmanager module 124 is used to embed a DRM module 126 as part of thecontent 118. The DRM manager module 124 is representative offunctionality to control implementation of the DRM policy 116 as part ofthe content 118 during consumption of the content 118, e.g., by acommunication module 128 (e.g., browser, web-enabled application) of theclient device 102.

The DRM module 126, for instance, may be configured to determine traitsof a user that requests access to the content 118 and provide access toportions of the content 118, if any, that correspond to those traits.For example, the DRM policy 116 may specify different backgrounds of anadvertisement for different behaviors. Accordingly, the DRM module 126determines traits of a user requesting access and provides access tocorresponding portions of the content 118, e.g., the backgrounds. Inthis way, the DRM policy 116 as specified by the marketing service 106in this example serves as a basis for creation of the content 118 andmanagement of access to portions of the content 118. Examples thatsupport additional complications and dynamic responses of DRM controlare described in the following.

The DRM module 126 may leverage data obtained from a variety of sourcesto determine traits associated with a user in order to control access.An example of one such source is illustrated as an analytics service 108having an analytics manager module 130 that is representative offunctionality to collect analytics data. This may include analytics datasuch as social network posts, webpages visited, items bought and soforth that is exposed via application programming interfaces bywebsites. This may also include tracking code that is embedded as partof content that exposes data describing usage of the content. Thus, the“big data” collected by the analytics service 108 from third-partysources may describe the user and content usage of the user which maythen be used by the DRM module 126 to control interaction with thecontent 118 as further described below.

FIG. 2 depicts a system 200 in an example implementation of creation ofa DRM policy and subsequent content to be consumed by users included ina target segment. The system 200 is illustrated using first, second, andthird stages 202, 204, 206. At the first stage 202, user interactionwith a marketing manager module 110 is used to specify contentcharacteristics 208, e.g., for part of a marketing campaign. A varietyof different content characteristics 208 may be specified, includingtype of content such as webpage, printed add, audio such as a jingle orsong, video such as an instructional product video or dedicated productadvertisement, legal contract. The content is also deliverable in avariety of ways, e.g., streaming or downloaded for local storage andsubsequent playback.

The marketing manager module 112 as previously described also includes aDRM creation module 114. The DRM creation module 114 in this instance isrepresentative of functionality to specify digital rights management(DRM) traits 210 of behaviors that are used to create a DRM policy 116of the content creation service 104. The DRM policy 114 as previouslydescribed is configured to control content access by determining whichtraits of users are satisfied in order to gain access to portions ofcontent. As described above, the DRM traits may be specified in avariety of ways, such as through selection of particular traitscollected through analytics by the marketing service 106.

A variety of different DRM traits 210 may be specified, such as traitsparticular to a behavior but are not unique to individual members havingthe behavior, e.g., may be satisfied by a plurality of users. Examplesof such behavioral traits that are usable to determine potentialinteraction of a user with content include age group 212 (e.g.,particular age or age range), gender 214, geographic location 216 (e.g.,based on IP address, city, state, region, country, continent) as furtherdescribed in relation to FIGS. 3-5, profile 218 (e.g., traits includedin a social network profile, business title in a business website,educational degrees achieved, particular skills), business status 220(e.g., whether an associated business is in good standing, businesscertifications), group membership 222 (e.g., membership to a particularorganization), device characteristics 224 of a device being used by theuser to gain access (e.g., brand, hardware resources, softwareresources, display resources), temporal traits (e.g., business hours,time of day, day of week, week of month, year) as further described inrelation to FIG. 6, and so forth.

At the second stage 204, a content creation module 120 of the contentcreation service 104 is used to create content 118 and a DRM module 126to control access to the content 118 as specified by a DRM policy 116created based on the specified DRM traits 210. A creative professional,for instance, may interact with the content creation module 120 of thecontent creation service 104 to create content 118 as specified by thecontent characteristics 208 received from the marketing service 106. Themarketing service 106, for instance, may specify different images andthe content characteristics 208 thereof to be used as alternatives aspart of a marketing campaign based on the DRM traits 210. The creativeprofessional may then create content 118 as specified.

The content creation module 116 also includes a DRM manger module 124that is representative of functionality that is configured to implementthe DRM policy 116 through embedding the DRM module 126 as part of thecontent 118. The DRM module 126, for instance, may be executable todetermine DRM traits associated with consumption of the content 118. Asdescribed above, these may include DRM traits 210 of a behavior that arenot specific to a particular user, including traits of a device used,age group, geographic location, and so forth.

Accordingly, the content 118 having the DRM module 126 may be providedto a client device 102 for consumption as shown at the third stage 206.The DRM module 126 may then be utilized to address differences in traitsbetween users, such as gender 212. The DRM module 126 is also usable toaddress changes in the user, itself, such as change in age group 212,geographic location 216, business status 220 (e.g., job title),membership 222, and so on as described above. Further, as the DRM module126 is embedded as part of the content 118 this dynamic consumption maybe performed offline without accessing a network, and thus may addresslimitations of conventional techniques that required access in order toserve different content, such as targeted advertisements as part ofwebpages that are obtained and not available locally until relevantcharacteristics of a user are determined, e.g., geographic location.

FIG. 3 depicts a system 300 in an example implementation in which theDRM module 124 is configured to control content access based ongeographic traits of a behavior. This example is illustrated using firstand second stages 302, 304 that correspond to first and secondgeographic locations 306, 308, at which, the content 118 is to beconsumed. As before, the content 118 includes an embedded DRM module 126that is configured to control access to first and second items of thecontent 310, 312.

In this example, the DRM module 126 is configured to use geographictraits of a behavior to control access to the first and second items ofcontent 310, 312. For example, the DRM module 126 may determine at afirst stage 302 that a location associated with a user that requestsaccess to the content 118 corresponds to a first geographic location306, e.g., a place of work. Accordingly, the DRM module 126 permitsaccess to the first and second items of content 310, 312.

At the second stage 304, however, the DRM module 126 determines that auser is at a second geographic location 308 that is not the user's placeof work, e.g., a coffee shop. Accordingly, in this example the DRMmodule 126 permits access to the first item of content 310 and restrictsaccess to the second item of content 312. For example, the second itemof content 312 may pertain to confidential information of the user'semployer that is not permitted to be accessed outside the premises ofthe business. In this way, the second item of content 312 may beprotected from access by potentially malicious third parties.

In one or more implementations, an alternative item of content is madeaccessible instead that otherwise would not be output if the access tothe second item of content 312 was permitted, such as to include aversion of the second item of content 312 that does not includedinformation to be protected. The geographic location that is associatedwith the user and used a basis for this control may be determined in avariety of ways, examples of which are described in the following.

FIG. 4 depicts a system 400 in an example implementation in which theclient device 102 of FIG. 1 is used to access the content 118 and obtaina determination of a likely location associated with the access. In thisexample, the client device 102 is configured as a wearable computer,such as a smart watch. Other examples are also contemplated as furtherdescribed in relation to FIGS. 1 and 9. The client device 102 includescontent 118 have an embedded DRM module 126 to enforce a DRM policy 116that is based at least in part of geographic traits of a behavior.

In this example, the client device 102 is illustrated as assuming amobile configuration, e.g., a wearable, and a variety of other mobileconfigurations are also contemplated such as a heads-up display in avehicle. The client device 102 may obtain the location in a variety ofways. In one example, position determination functionality 402 isincluded as part of the client device 102 itself, such as to utilize aglobal positioning system, triangulation through cell towers, and soforth. The position determination functionality 402, for instance, mayprovide coordinates that are associated with an address to abstractwhere the client device 102 is located, e.g., at a business, the user'shome, and so forth. This abstraction may then be used as a basis forcontrol, e.g., to identify when located at a person's work, a person'shome, and so forth.

Data obtained from an analytics service 108 may also be used for thisdetermination. An analytics service 108, for instance, may collect datafrom third-party sources that potentially describe a location of theuser. An example of this is illustrated as posts 404 managed by a socialmanager module 406 of a social network service 408, such as Facebook®,Twitter®, and so forth. The posts 404, for instance, may include textentered by a user that describes the user's location, may beautomatically tagged with the user's location when making the post, mayinclude a location of the user when “checking in” at a location, and soforth.

The availability of these various ways in which to determine thelocation may support a variety of functionality. For example, thesetechniques may be utilized to verify each other, such as to verify thata likely location of a user determined using potion determinationfunctionality 402 with a location determined from the analytics service108. A user, for instance, may post that “I'm have a great time at theNew Restaurant” to a social network service 408. Position determinationfunctionality 402 of the client device 102 may also be used determine alocation, and if these locations are consistent with each other, the DRMmodule 126 may provide access to the content as specified by a DRMpolicy 116. This may include a determination of whether a user is ableto travel between a location described in a previous post to a currentlocation in the amount of time that has passed since originating thepost.

In this way, this verification serves to verify the location as well asthat it is that user at that location and also likely originated therequest to access the content 118, and may do so without requiring theuser to enter credentials. Use of data from the analytics service 108may also be used to support other functionality, such as to protect thecontent from being obtained by undesired parties, further discussion ofwhich is included in the following.

FIG. 5 depicts an example implementation 500 in which the DRM module 126is configured to control access to items of the content based on acalculation of a likelihood that access to the content being compromisedby a third party. In this example, the DRM module 126 employs logic todetermine a threat level likely associated with a location at which thecontent 118 is to be accessed, which describes a likelihood of access tothe content being compromised at the location by a potentially maliciousthird party.

The client device 102, for instance, may use position determinationfunctionality 402 to determine a current location of the client device102, e.g., using GPS coordinates. The current location of the clientdevice 102 is then used by the DRM module 126 to obtain text describingthe location. This text, for instance, may be obtained from theanalytics service 108, a search engine, and so forth via a network 110as a location description 502. For example, the client device 102 mayobtain GPS coordinates, which are provided to the analytics service 108to obtain a textual location description 502 corresponding to thecoordinates, such as a text description of a name of the location (e.g.,coffee shop), services provided at the location (e.g., food andbeverage), and so forth.

The DRM module 126 may then parse this location description 502 tocalculate a likelihood that access to the content at the location willbe compromised, e.g., by a potentially malicious third party. Forexample, the DRM module 126 may determine from parsing the locationdescription 502 (e.g., through natural language processing) that thelocation is generally considered a high traffic area, e.g., a coffeeshop, airport, bus station, bar, and so forth. In response, the DRMmodule 126 may restrict access to the second item of content 312. Inanother example, the DRM module 126 may determine from parsing thelocation description 502 that the location is not considered to exhibithigh amounts of traffic, such as at a user's home, a hotel, and so forthand thus permit access to the second item of content 312. In this way,the DRM module 126 may dynamically control access to the content in aflexible manner automatically and without user intervention based on howthe content is likely to be consumed at the different geographiclocations. These parsing techniques may also be used to determine whichitem of content is to be made accessible for other purposes, such as toprovide access to entertainment options in content when located at ahotel, and so forth to dynamically tie a user's location with whichitems of content are to be consumed at that location.

A variety of other techniques may also be employed. For example, the DRMmodule 126 may employ a list of locations that have a pre-calculatedlikelihood of resulting in the at least one item of the content beingcompromised. These locations may include locations of competitor'sbusinesses, locations at which hacking is known to occur, and so forth.This list may be maintained locally at the client device 102 to supportoffline access and/or accessible via the network 110. Thus, in this waythe DRM module 126 may work to actively protect access to content 118based on characteristics of where the access it to occur.

FIG. 6 depicts an example implementation 600 in which a DRM module 126is configured to control access to items of the content based ontemporal traits of a behavior. This example is also illustrated usingfirst and second stages 602, 604 that correspond to first and secondpoints in time 606, 608, at which, the content 118 is to be consumed. Asbefore, the content 118 includes an embedded DRM module 126 that isconfigured to control access to first and second items of the content310, 312.

In this example, temporal traits are determined by the DRM module 126 tocontrol access to the items of content 310, 312. These temporal traitsinclude time-of-day, such as to limit access to the second item ofcontent 312 to a first point in time 606 that includes business hoursand restrict access otherwise as shown at the second point in time 608.Similar considerations may be given to a day of week, week of the month,month of the year, holidays, and so forth. In this way, the DRM module126 may control access based on “when” in addition to “where” and “how”as described in the previous examples.

Example Procedures

The following discussion describes digital rights management techniquesthat may be implemented utilizing the previously described systems anddevices. Aspects of each of the procedures may be implemented inhardware, firmware, or software, or a combination thereof. Theprocedures are shown as a set of blocks that specify operationsperformed by one or more devices and are not necessarily limited to theorders shown for performing the operations by the respective blocks. Inportions of the following discussion, reference will be made to FIGS.1-6.

FIG. 7 depicts a procedure 700 in an example implementation in whichgeographic traits of a behavior are used to control access to content bya digital rights management module that is embedded as part of thecontent. Data is collected that describes geographical traits of alocation associated with a request received from the user to access thecontent (block 702). The data, for instance, may be obtained fromposition determination functionality 402 (e.g., GPS) of a client device102, parsed from text of a location description 502, and so forth.

A determination is made from the data using a digital rights managementmodule embedded as part of the content as to whether the geographicaltraits meet specified traits of a geographical behavior of a digitalrights management policy enforced by the digital rights managementmodule for the at least one item of the content (block 704). Thespecified traits, for instance, may permit access at particularlocations, restrict access at particular locations, and so forth.

This may also include verifying the location (block 706), e.g., using aplurality of different types of ways to determine a location associatedwith the request. This may also include calculating a likelihood thataccess to the at least one item of the content will be compromised atthe location (block 708), e.g., whether at a coffee shop or hotel roomas described above. Thus, these geographic traits of the behavior mayalso pertain to how the content is expected to be consumed at thelocation based on characteristics of the location.

Responsive to a determination that the specified traits are met, accessto the least one item of the content is permitted by the embeddeddigital rights management module at the location (block 710). In thisway, the DRM module 126 may dynamically address changes in geographictraits of a behavior associated with a user and how the user is toconsume content. Other types of traits are also contemplated, an exampleof which is described in the following.

FIG. 8 depicts a procedure 800 in an example implementation in whichtemporal traits of a behavior are used to control access to content by adigital rights management module that is embedded as part of thecontent. Data is collected that describes temporal traits associatedwith a request received from the user to access the content (block 802).The data, for instance, may be obtained from a clock that is internal toa client device 102, learned from data parsed from posts 404 of a socialnetwork service 408 using natural language processing, and so forth.

A determination is made from the data using a digital rights managementmodule that is embedded as part of the content as to whether thetemporal traits meet specified traits of a temporal behavior of adigital rights management policy enforced by the digital rightsmanagement module for the at least one item of the content (block 804).The specified traits, for instance, may limit access to business hours,lunchtime, and so forth.

Responsive to a determination that the specified traits are met, accessto the least one item of the content is permitted by the embeddeddigital rights management module at the location (block 806). In thisway, the DRM module 126 may dynamically address changes in temporaltraits of a behavior associated with a user and how the user is toconsume content.

Example System and Device

FIG. 9 illustrates an example system generally at 900 that includes anexample computing device 902 that is representative of one or morecomputing systems and/or devices that may implement the varioustechniques described herein. This is illustrated through inclusion ofthe content 118 and DRM module 126. The computing device 902 may be, forexample, a server of a service provider, a device associated with aclient (e.g., a client device), an on-chip system, and/or any othersuitable computing device or computing system.

The example computing device 902 as illustrated includes a processingsystem 904, one or more computer-readable media 906, and one or more I/Ointerface 908 that are communicatively coupled, one to another. Althoughnot shown, the computing device 902 may further include a system bus orother data and command transfer system that couples the variouscomponents, one to another. A system bus can include any one orcombination of different bus structures, such as a memory bus or memorycontroller, a peripheral bus, a universal serial bus, and/or a processoror local bus that utilizes any of a variety of bus architectures. Avariety of other examples are also contemplated, such as control anddata lines.

The processing system 904 is representative of functionality to performone or more operations using hardware. Accordingly, the processingsystem 904 is illustrated as including hardware element 910 that may beconfigured as processors, functional blocks, and so forth. This mayinclude implementation in hardware as an application specific integratedcircuit or other logic device formed using one or more semiconductors.The hardware elements 910 are not limited by the materials from whichthey are formed or the processing mechanisms employed therein. Forexample, processors may be comprised of semiconductor(s) and/ortransistors (e.g., electronic integrated circuits (ICs)). In such acontext, processor-executable instructions may beelectronically-executable instructions.

The computer-readable storage media 906 is illustrated as includingmemory/storage 912. The memory/storage 912 represents memory/storagecapacity associated with one or more computer-readable media. Thememory/storage component 912 may include volatile media (such as randomaccess memory (RAM)) and/or nonvolatile media (such as read only memory(ROM), Flash memory, optical disks, magnetic disks, and so forth). Thememory/storage component 912 may include fixed media (e.g., RAM, ROM, afixed hard drive, and so on) as well as removable media (e.g., Flashmemory, a removable hard drive, an optical disc, and so forth). Thecomputer-readable media 906 may be configured in a variety of other waysas further described below.

Input/output interface(s) 908 are representative of functionality toallow a user to enter commands and information to computing device 902,and also allow information to be presented to the user and/or othercomponents or devices using various input/output devices. Examples ofinput devices include a keyboard, a cursor control device (e.g., amouse), a microphone, a scanner, touch functionality (e.g., capacitiveor other sensors that are configured to detect physical touch), a camera(e.g., which may employ visible or non-visible wavelengths such asinfrared frequencies to recognize movement as gestures that do notinvolve touch), and so forth. Examples of output devices include adisplay device (e.g., a monitor or projector), speakers, a printer, anetwork card, tactile-response device, and so forth. Thus, the computingdevice 902 may be configured in a variety of ways as further describedbelow to support user interaction.

Various techniques may be described herein in the general context ofsoftware, hardware elements, or program modules. Generally, such modulesinclude routines, programs, objects, elements, components, datastructures, and so forth that perform particular tasks or implementparticular abstract data types. The terms “module,” “functionality,” and“component” as used herein generally represent software, firmware,hardware, or a combination thereof. The features of the techniquesdescribed herein are platform-independent, meaning that the techniquesmay be implemented on a variety of commercial computing platforms havinga variety of processors.

An implementation of the described modules and techniques may be storedon or transmitted across some form of computer-readable media. Thecomputer-readable media may include a variety of media that may beaccessed by the computing device 902. By way of example, and notlimitation, computer-readable media may include “computer-readablestorage media” and “computer-readable signal media.”

“Computer-readable storage media” may refer to media and/or devices thatenable persistent and/or non-transitory storage of information incontrast to mere signal transmission, carrier waves, or signals per se.Thus, computer-readable storage media refers to non-signal bearingmedia. The computer-readable storage media includes hardware such asvolatile and non-volatile, removable and non-removable media and/orstorage devices implemented in a method or technology suitable forstorage of information such as computer readable instructions, datastructures, program modules, logic elements/circuits, or other data.Examples of computer-readable storage media may include, but are notlimited to, RAM, ROM, EEPROM, flash memory or other memory technology,CD-ROM, digital versatile disks (DVD) or other optical storage, harddisks, magnetic cassettes, magnetic tape, magnetic disk storage or othermagnetic storage devices, or other storage device, tangible media, orarticle of manufacture suitable to store the desired information andwhich may be accessed by a computer.

“Computer-readable signal media” may refer to a signal-bearing mediumthat is configured to transmit instructions to the hardware of thecomputing device 902, such as via a network. Signal media typically mayembody computer readable instructions, data structures, program modules,or other data in a modulated data signal, such as carrier waves, datasignals, or other transport mechanism. Signal media also include anyinformation delivery media. The term “modulated data signal” means asignal that has one or more of its characteristics set or changed insuch a manner as to encode information in the signal. By way of example,and not limitation, communication media include wired media such as awired network or direct-wired connection, and wireless media such asacoustic, RF, infrared, and other wireless media.

As previously described, hardware elements 910 and computer-readablemedia 906 are representative of modules, programmable device logicand/or fixed device logic implemented in a hardware form that may beemployed in some embodiments to implement at least some aspects of thetechniques described herein, such as to perform one or moreinstructions. Hardware may include components of an integrated circuitor on-chip system, an application-specific integrated circuit (ASIC), afield-programmable gate array (FPGA), a complex programmable logicdevice (CPLD), and other implementations in silicon or other hardware.In this context, hardware may operate as a processing device thatperforms program tasks defined by instructions and/or logic embodied bythe hardware as well as a hardware utilized to store instructions forexecution, e.g., the computer-readable storage media describedpreviously.

Combinations of the foregoing may also be employed to implement varioustechniques described herein. Accordingly, software, hardware, orexecutable modules may be implemented as one or more instructions and/orlogic embodied on some form of computer-readable storage media and/or byone or more hardware elements 910. The computing device 902 may beconfigured to implement particular instructions and/or functionscorresponding to the software and/or hardware modules. Accordingly,implementation of a module that is executable by the computing device902 as software may be achieved at least partially in hardware, e.g.,through use of computer-readable storage media and/or hardware elements910 of the processing system 904. The instructions and/or functions maybe executable/operable by one or more articles of manufacture (forexample, one or more computing devices 902 and/or processing systems904) to implement techniques, modules, and examples described herein.

The techniques described herein may be supported by variousconfigurations of the computing device 902 and are not limited to thespecific examples of the techniques described herein. This functionalitymay also be implemented all or in part through use of a distributedsystem, such as over a “cloud” 914 via a platform 916 as describedbelow.

The cloud 914 includes and/or is representative of a platform 916 forresources 918. The platform 916 abstracts underlying functionality ofhardware (e.g., servers) and software resources of the cloud 914. Theresources 918 may include applications and/or data that can be utilizedwhile computer processing is executed on servers that are remote fromthe computing device 902. Resources 918 can also include servicesprovided over the Internet and/or through a subscriber network, such asa cellular or Wi-Fi network.

The platform 916 may abstract resources and functions to connect thecomputing device 902 with other computing devices. The platform 916 mayalso serve to abstract scaling of resources to provide a correspondinglevel of scale to encountered demand for the resources 918 that areimplemented via the platform 916. Accordingly, in an interconnecteddevice embodiment, implementation of functionality described herein maybe distributed throughout the system 900. For example, the functionalitymay be implemented in part on the computing device 902 as well as viathe platform 916 that abstracts the functionality of the cloud 914.

CONCLUSION

Although the invention has been described in language specific tostructural features and/or methodological acts, it is to be understoodthat the invention defined in the appended claims is not necessarilylimited to the specific features or acts described. Rather, the specificfeatures and acts are disclosed as example forms of implementing theclaimed invention.

What is claimed is:
 1. In a digital medium environment to control accessto at least one item of content by digital rights managementfunctionality embedded as part of the content, a method implemented by acomputing device, the method comprising: collecting geographic datadescribing geographical traits of a location associated with a requestreceived from the user, by the computing device, to access the content;collecting social network data from at least one social network serviceassociated with the user that originated the request, the social networkdata describing a location associated with a social network post as partof the at least one social network service; determining from the datausing a digital rights management module embedded as part of the contentwhether the geographical traits meet specified traits of a geographicalbehavior of a digital rights management policy enforced by the digitalrights management module for the at least one item of the content, thedetermining including calculating a likelihood that access to the atleast one item of content will be compromised at the location associatedwith the user and verifying the collected geographic data describing thegeographical traits of the location using the collected social networkdata from the at least one social network service describing thelocation associated with the social network post; and responsive to adetermination that the specified traits are met, permitting access tothe least one item of the content, by the embedded digital rightsmanagement module, at the geographic location.
 2. The method asdescribed in claim 1, wherein the collecting of the social network datadescribing the geographical traits is performed at least in part byaccessing an analytics service by the computing device over a network.3. The method as described in claim 2, wherein the social network datais collected by the analytics service from one or more other serviceproviders via the network, the data associated with the user thatoriginated the request.
 4. The method as described in claim 3, whereinthe one or more other service providers include the at least one socialnetwork service.
 5. The method as described in claim 3, wherein thedetermining by the digital rights management module includes verifyinggeographic data describing geographical traits that is generated usingposition determination functionality of the computing device using thesocial network data collected by the analytics service.
 6. The method asdescribed in claim 1, further comprising responsive to a determinationthat the specified traits are not met, restricting access to the leastone item of the content and permitting access to another item of contentin which the access to the other item of content is not permitted if thedetermination is made that the specified traits are met.
 7. The methodas described in claim 1, wherein the calculating includes comparing thelocation to a list of locations that have a pre-calculated likelihood ofresulting in the at least one item of the content being compromised. 8.The method as described in claim 1, wherein the calculating includesparsing text that describes the location to calculate the likelihood,the data obtained by the computing device via a network.
 9. The methodas described in claim 1, further comprising responsive to a subsequentdetermination that the location associated with the user responsive tothe request has changed to another location that does not meet thespecified traits, blocking access to the at least one item of contentthrough execution of the embedded digital rights management module bythe at least one computing device.
 10. The method as described in claim1, wherein the at least one item of the content does not describecharacteristics of the location and thus the determining and thepermitting are performed by the digital rights management moduleregardless of whether the at least one item of content, itself, isotherwise associated with the location.
 11. In a digital mediumenvironment to control access to at least on item of content by digitalrights management functionality embedded as part of the content, amethod implemented by a computing device, the method comprising:collecting data describing temporal traits associated with a requestreceived from a user to access the content by the computing device andgeographical traits of a location associated with the request receivedfrom the user to access the content; determining from the data using adigital rights management module embedded as part of the content whetherthe temporal traits meet specified traits of a temporal behavior of adigital rights management policy enforced by the digital rightsmanagement module for the at least one item of the content, thedetermining including calculating a likelihood of access to the at leastone item of content being compromised at the location associated withthe user; responsive to a determination that the specified traits aremet, permitting access to the least one item of the content by theembedded digital rights management module; and permitting access toanother item of the content by the embedded digital rights managementmodule regardless of a result of the determination.
 12. The method asdescribed in claim 11, wherein the temporal traits associated with theuser is a time associated with the request to access the at least oneitem of the content.
 13. The method as described in claim 11, whereinthe temporal traits associated with the user specify operational hoursof a business that is associated with the content.
 14. A computingdevice comprising: a processing system; position determiningfunctionality to generate data describing geographical traits of alocation of the computing device; and memory configured to maintaincontent having an embedded digital rights management module that isexecutable by the processing system to control access to respective onesof a plurality of items of the content based at least in part on adetermination as to whether a request to access at least one item of theplurality of items of the content meets specified geographic traits of abehavior of a digital rights management policy enforced by the digitalrights management module, the determination based in part on acalculation of a likelihood of access to the at least one item ofcontent being compromised at the location, the control includingverifying the data describing geographical traits that is generatedusing position determination functionality of the computing device usingdata collected by an analytics service.
 15. The computing device asdescribed in claim 14, wherein the data describing the geographicaltraits is collected through execution by the embedded digital rightsmanagement module to access the analytics service over a network. 16.The computing device as described in claim 15, wherein the calculatingthe likelihood includes employing logic to determine a threat levellikely associated with location.
 17. The computing device as describedin claim 15, wherein the data is collected by the analytics service fromone or more other service providers via the network, the data describingthe user that originated the request.
 18. The computing device asdescribed in claim 15, wherein the embedded digital rights managementmodule is configured to verify data describing the geographical traitsthat is generated using position determining functionality of thecomputing device using the data collected by the analytics service. 19.The computing device as described in claim 15, wherein the embeddeddigital rights management module is configured to control access torespective ones of the plurality of items of the content based on thespecified geographic traits regardless of what is described by therespective ones of the plurality of items of the content.
 20. The methodas described in claim 11, wherein the calculating the likelihoodincludes employing logic to determine a threat level likely associatedwith the location at which the at least one item of content is to beaccessed.